resource "google_cloud_identity_group" "group" {
  display_name = "<%= ctx[:vars]['group_id'] %>"

  parent = "customers/<%= ctx[:test_env_vars]['cust_id'] %>"

  group_key {
    id = "<%= ctx[:vars]['group_id'] %>@<%= ctx[:test_env_vars]['org_domain'] %>"
  }

  labels = {
    "cloudidentity.googleapis.com/groups.discussion_forum" = ""
  }
}

resource "google_access_context_manager_access_level" "<%= ctx[:vars]['access_level_id'] %>" {
  parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
  name   = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/<%= ctx[:vars]['access_level_name'] %>"
  title  = "<%= ctx[:vars]['access_level_name'] %>"
  basic {
    conditions {
      device_policy {
        require_screen_lock = true
        os_constraints {
          os_type = "DESKTOP_CHROME_OS"
        }
      }
      regions = [
  "US",
      ]
    }
  }
}

resource "google_access_context_manager_access_policy" "access-policy" {
  parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>"
  title  = "my policy"
}



resource "google_access_context_manager_gcp_user_access_binding" "<%= ctx[:primary_resource_id] %>" {
  organization_id = "<%= ctx[:test_env_vars]['org_id'] %>"
  group_key       = trimprefix(google_cloud_identity_group.group.id, "groups/")
  access_levels   = [
    google_access_context_manager_access_level.<%= ctx[:vars]['access_level_id'] %>.name,
  ]
}
